Friday 30 December 2011

Privacy... and the Phantom Tollbooth!

Last night I was reading my daughter's bedtime story from that classic of American children's literature, The Phantom Tollbooth, when I came across a passage that set out brilliantly the problems that can arise as a result of the gathering and use of private data. Bear in mind that The Phantom Tollbooth was first published in 1961: Norman Juster didn't have the benefit of seeing how what can loosely now be described as 'big data' operates - but he did have an understanding of how our information can be used against us, even when we have 'nothing to hide'.

To set the scene: Milo the boy, Tock the Watchdog and the huge insect the Humbug are on the final stages of their mission to rescue the princesses Rhyme and Reason from the Castle in the Air. They reach the bottom of the final staircase, pursued by demons, where they don't notice a little round man sleeping peacefully on a very large ledger. The next part I'm just going to repeat:

------------------------------------------
   "NAMES?" the little man called out briskly, just as the startled bug reached for the first step. He sat up quickly, pulled the book out from under him, put on a green eyeshade, and waited with his pen poised in the air.
   "Well, I..." stammered the bug.
   "NAMES?" he cried again, and as he did, he opened the book to page 512 and began to write furiously. The quill made horrible scratching noises, and the point, which was continuously catching on the paper, flicked tiny inkblots all over him. As they called out their names, he noted them carefully in alphabetical order.
   "Splendid, splendid, splendid," he muttered to himself. "I haven't had an M for ages."
   "What do you want our names for?" asked Milo, looking anxiously over his shoulder. "We're in a bit of a hurry."
   "Oh, this won't take a minute," the man assured them. "I'm just the official Senses Taker, and I must have some information before I can take your senses. Now, if you'll just tell me when you were born, where you were born, why you were born, how old you are now, how old you were then, how old you'll be in a little while, your mother's name, your father's name, your aunt's name, your uncle's name, your cousin's name, where you live, how long you've lived there, the schools you've attended, the schools you haven't attended, your hobbies, your telephone number, your shoe size, shirt size, collar size, hat size, and the names and addresses of six people who can verify all this information, we'll get started."
------------------------------------------

These days, of course, there wouldn't need to be a 'senses taker' to get most of that information - 800 million or so of us have already 'volunteered' much of it to Facebook, while much of the rest of it (the sensible bits anyway) can be gathered reasonably directly from other sources. Anyway, the Senses Taker proceeds to gather all this and more, before Milo quite reasonably suggests that they need to get a move on, and can they just proceed. At that point, the Senses Taker demands to know their destination.

------------------------------------------
   "The Castle in the Air," said Milo impatiently.
   "Why bother?" said the Senses Taker, pointing to the distance. "I'm sure you'd rather see what I have to show you."
   As he spoke, they all looked up, but only Milo could see the gay and exciting circus there on the horizon. There were tents and side shows and rides and even wild animals - everything a little boy could spend hours watching.
   "And wouldn't you enjoy a more pleasant aroma?" he said, turning to Tock.
   Almost immediately the dog smelt a wonderful smell that no-one but he could smell. It was made up of all the marvellous things that had ever delighted his curious nose.
   "And here's something I know you'll enjoy hearing," he assured the Humbug.
   The bug listened with rapt attention to something he alone could hear - the shouts and applause of an enormous crowd, all cheering for him.
   They each stood as if in a trance, looking, smelling, and listening to the very special things that the Senses Taker had provided for them, forgetting completely about where they were going and who, with evil intent, was coming up behind them.
   The Senses Taker sat back with a satisfied smile on his puffy little face as the demons came closer and closer, until less than a minute separated them from their helpless victims.
   But Milo was too engrossed in the circus to notice, and Tock had closed his eyes, the better to smell, and the bug bowing and waving, stood with a look of sheer bliss on his face, interested only in the wild ovation.
------------------------------------------

Of course Milo, Tock and the Humbug do eventually escape, and the Senses Taker's true nature is revealed: he is a demon himself:

------------------------------------------
   "I warned you; I warned you I was the Senses Taker," sneered the Senses Taker. "I help people find what they're not looking for, hear what they're not listening for, run after what isn't there. And, furthermore," he cackled, hopping around gleefully on his stubby legs, "I'll steal your sense of purpose, take your sense of duty, destroy your sense of proportion..."
------------------------------------------

It's as good a description of the dangers of the personalisation of the internet - which I've written about before, and is inherent in the Symbiotic Web model that underlies a lot of my work - as you might find. The Senses Taker's processes - gather all the data it can, use it to conceptualise how each individual might be seduced into doing something to the benefit of the Senses Taker (rather than to the benefit of the individual) is pretty much exactly what behavioural advertising does, what Facebook does, what many other kinds of privacy-invasive profile-based systems do. And the Sense Taker is a demon.......


P.S. If you haven't read the Phantom Tollbooth, you should! It's a brilliant book, lots of fun and at the same time actually quite deep!

Sunday 18 December 2011

12 wishes for online privacy....


It's that time of year for lists, predictions and so forth. I don't want to make predictions myself - I know all too well how hard it is to predict anything in this world, and even more so in the online world. I do, however, have wishes. Many of these are pipe dreams, I'm afraid, but some of them do have some small hope of coming true. So here they are, my twelve wishes for online privacy…


  1. That I don’t hear the ‘if you’ve got nothing to hide…’ argument against privacy ever again...
  2. That governments worldwide begin to listen more to individuals and to advocacy groups and less to the industry lobby groups, particularly those of the copyright and security industries
  3. That privacy problems continue to grab the headlines – so that privacy starts to be something of a selling point, and companies compete to become the most ‘privacy-friendly’ rather than just paying lip service to privacy
  4. That the small signs I’ve been seeing that Google might be ‘getting’ privacy do not turn out to be illusions. Go on, Google, go on!
  5. That my ‘gut feeling’ that 2012 could be the peak year for Facebook turns out to be true. Not because I particularly dislike Facebook – I can see the benefits and strengths of its system – but because the kind of domination and centralisation it represents can’t be good for privacy in the end, and I don't believe that the man who said that privacy was no longer a 'social norm' has really changed his spots
  6. That the ICO grows some cojones, and starts understanding that it’s supposed to represent us, not just find ways for businesses to get around data protection regulations…
  7. That the media (and yes, I’m talking to YOU, BBC), whenever they get told about a new technical innovation, don’t just talk about how wonderful and exciting it is, but think a little more critically, and particularly about privacy
  8. That the revision to the Data Protection Directive (or perhaps Regulation) turns into something that is both helpful and workable – and not by compromising privacy to the wishes of business interests.
  9. That neither SOPA nor PIPA get passed in the US…
  10. That the right to be forgotten, something I’ve written about a number of times before, is discussed for what it is, not what people assume it must be based solely on the misleading name. It’s not about censorship or rewriting history. It really isn’t! It’s about people having rights over their own data! Whose data? Our data!
  11. That the Labour Party begins to put together a progressive digital policy, and says sorry for ever having listened to the copyright lobby in introducing the Digital Economy Act! 
  12. That we start thinking more about the ordinary privacy of ordinary people, not just that of celebrities and politicians… 
These are of course just a sample of the things I could say - but if even a few of them start to become true, it would be a really good start. Here's wishing....

Thursday 8 December 2011

Privacy is not the enemy...

I attended the Oxford Institute event 'Anonymity, Privacy and Open Data' yesterday, notable amongst other things for Professor Ross Anderson's systematic and incredibly powerful destruction of the argument in favour of 'anonymisation' as a protection for privacy. It was a remarkable event, with excellent speakers talking on the most pertinent subjects of the day in terms of data privacy: compelling stuff, and good to see so many interesting people working in the privacy and related fields.

And yet, at one point, one of the audience asked a question about whether a group like this was not too narrow, and that by focussing on privacy we were losing sight of other 'goods' - he was thinking particularly of medical goods, as 'privacy' was seen as threatening the possibility of sharing medical data. I understood his point - and I understood his difficulty, as he was in a room to a great extent full of people interested in privacy (hardly surprising given the title of the event). Privacy advocates are often used to the reverse position - trying to 'shout out' about privacy to a room full of avid data-sharers or supporters of business innovation above all things. A lot of antagonism. A lot of feelings about being 'threatened'. And yet I believe that many of those threatened are missing the point about privacy. Just as Guido Fawkes is wrong to characterise privacy just as a 'euphemism for censorship' (as I've written about before) and Paul McMullan is wrong to suggest that 'privacy is for paedos', the idea that privacy is the 'enemy' of so many things is fundamentally misconceived. To a great extent the opposite is true.

Privacy is not the enemy of free expression - indeed, as Jo Glanville of Index on Censorship has argued, privacy is essential for free expression. Without the protection provided by privacy, people are shackled by the risk that their enemies, those that would censor them, arrest them or worse, can uncover their indentures, find them and do their worst. Without privacy, there is no free expression.

Privacy is not the enemy of 'publicness' - in a similar way, to be truly 'public', people need to be able to protect what is private. They need to be able to have at least some control over what they share, what they put into the public. If they have no privacy, no control at all, how can they know what to share?

Privacy is not the enemy of law enforcement - privacy is sometimes suggested to be a tool for criminals, something behind which they can hide behind. The old argument that 'if you've got nothing to hide, you've got nothing to fear' has been exposed as a fallacy many times - perhaps most notably by Daniel Solove (e.g. here), but there is another side to the argument. Criminals will use whatever tools you present them with. If you provide an internet with privacy and anonymity they'll use that privacy and anonymity - but if you provide an internet without privacy, they'll exploit that lack of privacy. Many scams related to identity theft are based around taking advantage of that lack of privacy. It would perhaps be stretching a point to suggest that privacy is a friend to law enforcement - but it is as much of an enemy to criminals as it is to law enforcement agencies. Properly implemented privacy can protect us from crime.

Privacy is not the enemy of security - in a similar way, terrorists and those behind what's loosely described as cyberwarfare will exploit whatever environment they are provided with. If Western Law enforcement agencies demand that social networks install 'back doors' to allow them to pursue terrorists and criminals, you can be sure that those back doors will be used by their enemies - terrorists, criminals, agents of enemy states and so forth. This last week has seen Privacy International launch their 'Big Brother Inc' database, revealing the extent to which surveillance products developed in the West are being sold to despotic and oppressive regimes. It's systematic, and understandable. Surveillance is a double-edged sword - and privacy is a shield which faces many ways (to stretch a metaphor beyond its limits!). Proper privacy protection works against the 'bad guys' as well as the 'good'. It's a supporter of security, not an enemy.

Privacy is not the enemy of business - though it is the enemy of certain particular business models, just as 'health' is the enemy of the tobacco industry. Ultimately, privacy is a supporter of business, because better privacy increases trust, and trust helps business. Governments need to start to be clear that this is the case - and that by undermining privacy (for example though the oppressive and disproportionate attempts to control copyright infringement) they undermine trust, both in businesses and in themselves as governments. Privacy is certainly a challenge to business - but that's merely reflective of the challenges that all businesses face (and should face) in developing businesses that people want to use and are willing to pay money for.

Privacy is not the enemy of open data - indeed, precisely the opposite. First of all, privacy should make it clear which data should be shared, and how. 'Public' data doesn't infringe privacy - from bus timetables to meteorological records, from public accounts to parliamentary voting records. Personal data is just that - personal - and sharing it should happen with real consent. When is that consent likely to be given? When people trust that their data will be used appropriately. When will they trust? When privacy is generally in place. Better privacy means better data sharing.


All this is without addressing the question of whether (and to what extent) privacy is a fundamental right. I won't get into that here - it's a philosophical question and one of great interest to me, but the arguments in favour of privacy are highly practical as well as philosophical. Privacy shouldn't be the enemy - it should be seen as something positive, something that can assist and support. Privacy builds trust, and trust helps everyone.